Author Info

Recently, a significant cybersecurity threat has emerged, affecting over 16,000 Fortinet devices worldwide. These devices have been compromised with a symlink backdoor, granting attackers read-only access to sensitive files on previously breached systems. This alarming situation highlights the ongoing risks associated with cyberattacks and the importance of robust security

An emerging ransomware group known as "CrazyHunter" has been identified as a significant threat to Taiwanese organizations, particularly in vital sectors such as healthcare and education. This group has gained attention for its sophisticated attack methods and reliance on open-source tools. CrazyHunter's Tactics and Tools According

The Apache Roller blogging platform recently addressed a critical vulnerability that could allow persistent unauthorized access even after users changed their passwords. This flaw, identified as CVE-2025-24859, stemmed from inadequate session expiration, which failed to invalidate active user sessions following a password update. The Apache Software Foundation (ASF) has introduced

The popular imageboard 4chan is experiencing significant downtime amidst claims of a security breach. A user from the rival Soyjak forum has allegedly accessed and leaked 4chan's source code, known as Yotsuba. Investigations are currently underway. Current Status and Initial Reactions 4chan has been partially offline for over

A new spear-phishing campaign orchestrated by the Russian state-sponsored group Midnight Blizzard is targeting diplomatic entities across Europe. This campaign introduces a novel malware loader named 'GrapeLoader' alongside a new variant of the 'WineLoader' backdoor. Overview of the Cyberattack Midnight Blizzard, also known as 'Cozy

Intelligence from encrypted platforms such as Sky ECC and ANOM has facilitated the arrest of 232 individuals and the seizure of millions in assets. This marks a significant achievement in a European law enforcement operation targeting drug trafficking. Coordinated International Effort A collaborative effort among international law enforcement agencies, known

Google has introduced Firebase Studio, a cloud-based AI-powered integrated development environment (IDE) that allows users to build complete applications using simple prompts. This launch positions Google against Cursor AI, a prominent player in the emerging "vibe coding" trend. Cursor AI, valued at $10 billion, offers an AI-driven IDE

Ongoing exploitation of a critical vulnerability in CrushFTP file transfer software continues to raise concerns, as a disclosure dispute unfolds. The vulnerability, identified as CVE-2025-31161, involves an authentication bypass flaw and was added to the Cybersecurity and Infrastructure Security Agency's (CISA) Known Exploited Vulnerabilities catalog on April 7.

Microsoft's April 2025 security update addresses 126 vulnerabilities, with 11 marked as critical. These critical vulnerabilities, primarily remote code execution (RCE) issues, affect various Microsoft products. Notably, none have been exploited in the wild yet. Critical Vulnerabilities Overview Among the critical vulnerabilities, several impact Windows Remote Desktop Services: